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DETAILED ACTION 

1 . The Amendment, and remarks therein, received on 6/28/06 have been entered and 
carefully considered. 

2. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Response to Arguments 

3. Applicant arguments and amendments to the claim language and the specification 
overcame the previous 35 USC § 1 12 rejections and objections to drawings. Thus 
the 35 USC § 1 12 rejection and objections to drawings are withdrawn. 

4. In various places of applicant's Remarks applicant argues the examiner's position 
without providing concrete facts. For example, as per claim 2, applicant disputes the 
fact that the limitation of claim 2 (discarding non-permitted operation requests) is 
well known, and rather than providing examples to that the limitations are not well 
known, applicant rests on the assumption that the examiner provided only a 
subjective opinion. 

Taking in consideration the amount of issues raised by applicant that essentially 
raised a request for explanation of the art of record and its relation to the claimed 
limitations, the examiner addresses applicant's arguments by grouping them 
together. 

Also, in the future, applicant should provide clear indication of the deficiencies of the 
art of record backed up with "extrinsic evidence", "facts and/or technical reasoning". 
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Otherwise, statements indicating that it is not well known to discard non-permitted 
operation requests for example, are diminished to meaningless discussion. The 
facts and examples of the opposite trends in the art at the time of the invention (e.g. 
providing proofs that gateways limiting passing of the operation request to only a 
predefined set of permitted operations in fact do execute the non-permitted 
operation requests) would be more persuasive. No evidence support applicant's 
assertions was provided. As a result the arguments form mere opinions 
unsubstantiated by facts. 

Lastly, the examiner reminds applicant that while judging obviousness the 
knowledge which was within the level of ordinary skill at the time the claimed 
invention was made, must be taken into the account. The examiner, also reminds 
applicant that in orders to adequately traverse the examiner's statement of well- 
known facts, an applicant must specifically point out the supposed errors in the 
examiner's action, which would include stating why the noticed fact is not considered 
to be common knowledge or well-known in the art. See 37 CFR 1.111(b). 
5. As per claim 1 the examiner Nathanson discloses a system 10 incorporated in a 
vehicle (Fig. 1, col. 2 lines 31-33) comprising a first data processing unit (15) 
connected to device control units of the vehicle (Fig. 1 and col. 2 lines 31-38 and col. 
4 lines 28-33), a second data processing unit (25) connected to communications 
apparatus providing a wireless connection (35) to an external network (e.g. Internet, 
Fig. 1 and col. 3 lines 20-22 and col. 4 lines 4-16), such that operation requests can 
be received at the second data processing unit from the external network (Fig. 1 , col. 
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3 lines 20-22 and col. 4 lines 4-16), and a data communications link between the first 
and second data processing units (Fig. 1 and col. 2 lines 19-21). 
The previous Office Action contained a typographical error, wherein the element 60 
(Nathanson, Fig. 1) was shown to identify a second data processing unit 60, but 
actually element 25 discloses the presence of the second data processing. The 
typographical error has been corrected in this Office Action. 
Nathanson's disclosure clearly indicates the presence of the second data processing 
unit by disclosing element 25 that bridges external clients with a device control unit. 
In particular, Nathanson clearly discloses processing elements of element 25 (e.g. 
col. 3 lines 4-6) and communication elements (e.g. Fig. 1 elements 40 and 50 as 
further articulated in col. 2 lines 23-28). As a result, the apparatus disclosed by 
Nathanson is representative of any other typical computer, e.g. PC, where in 
addition to a communication apparatus (the network interfaces such as network 
cards in PCs for example, or in Nathanson's case: elements 40 and 50) a second 
processing unit (such as an Operating System or a program module) for purpose of 
interpretation and processing of the received data is used. 

The examiner also points out that the current claim language does not preclude "the 
server 25" and "the client 30" to be broadly interpreted as "the second data 
processing unit (B)" and "a communications apparatus" respectively. 
6. Furthermore, Richardson was cited as obvious in view of Nathanson's. Richardson 
teaches a gateway (enabler) limiting the operations that can be performed at the first 
data processing unit in response to requests from the second processing unit to only 
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a predefined set of permitted operations (col. 5 lines 49-59). The benefit of increased 
security that would have resulted from implementing Richardson's invention into 
Nathanson's invention would not only be clear to one of ordinary skill in the art at the 
time of applicant's invention but also Richardson explicitly discloses the security 
improvement as the aim of the invention (e.g. col. 4 lines 52-53). As a result, 
applicant's argument that the motivation to combine could be found only in 
applicant's specification is erroneous. 

7. As per claim 2 the examiner points out that although Richardson does not explicitly 
disclose discarding non-permitted operation requests, discarding non-permitted 
operation requests by the gateway that controls requests and limits passing of the 
requests to only a predefined set of permitted operations, if not inherent, would be at 
least implicit. Any opposite action (allowing the non-permitted operation) could 
threaten stability of the system. Even if the instructions were to be saved, in addition 
to slowing down the system by virtue of necessity of additional 
instructions/operations, the threat of future accidental execution would be 
introduced. 

8. As per claim 4, the examiner pointed out that although Nathanson in view of 
Richardson teach the gateway component limiting passing of the operation requests 
the art of record failed to disclose access control list defining which operation 
requests are permitted for particular requestors. However, the examiner also 
pointed out that access control list as cited in the claim language is well known in the 
art. Applicant questions the fact that access control lists are well known in the art 
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but once again fails to provide any concrete facts to the contrary. Applicant's 
argument is not understood. "Comparing all operation requests with operations 
permitted for particular requestors" is a fundamental concept of computer security 
implemented in various other technologies that are not only well known but also 
widely implemented, e.g. Windows NT, Citrix, Oracle, etc. For example, the 
controlling access to object using control lists can be found in any Windows NT book 
in the chapter addressing authentication, rights and permissions. Implementation of 
Windows NT in the Internet environment (Internet Information Server) will also 
provide applicant with examples of Windows NT authentication and permissions of 
external requests. Furthermore, examining Internet e-mail as well as Internet trade 
(shopping) also incorporates requests/user authentication/validation that inherently 
comprises permission (access/no access) lists. 
9. As per claim 3 Nathanson in view of Richardson's and further in view of Serughett's 
invention disclose an operating system implemented in the vehicle. Serughett's 
discloses a gateway component running in the static operating system environment. 
Once again, applicant objects to Serughet as allegedly not disclosing "any language 
that teaches the limitations" and not providing a prima facie case of obviousness. 
Applicant's position is not understood, especially since applicant's criticisms is not 
backed up with functional examples. Serughett teaches the OSEKA/DX that is a 
static operating system and is implemented in vehicles (see the title and Fig. 1 for 
example) and provides the benefits the benefits of case of a prima facie case of 
obviousness (see benefits of OSEK cited on pg. 26 for example). 
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Also, as per applicant's questioning the motivation to implement the static operating 
system environment in a gateway component of the first data processing unit, the 
examiner once again, points to the benefit of the OSEK static operating system 
disclosed by Serughett cited above and in the previous Office action. 

10. Claim 5 limitations were covered while discussing the previous claims and the 
examiner pointed out that some of these limitations were well known in the art. The 
main limitations of claim 5 were directed towards Real Time Operating System and 
authentication of operation requests against access control list operations, wherein 
only permitted operations were passed and non-permitted discarded. These 
limitations were addressed when discussing claims 2 and 3. Given the fact that the 
same reference addresses claim 5 as claims 2 and 3, for the purpose of the rejection 
the examiner treated claim 5 as equivalent. 

1 1 . In particular, in the discussion of claim 3 the examiner used Serughett's reference 
that discussed OSEK, that is a Real Time Operating System (e.g. the last few lines 
of pg. 25) and the evaluating of operations requests that resulted in passing or 
discarding of requests was addressed with regard to claim 2. Thus, the art and the 
examiner's arguments addressing the limitations of claims 2 and 3 sufficiently 
covered the limitations of claim 5. Thus, applicant's arguments regarding claim 5 
were found non persuasive. 

12. As per the rejections of claims 7 and 8 under 35 U.S.C. 103(a), applicant failed to 
identify "one or more security-critical resources" in the examiner's cited elements 70- 
78. Applicant argues that these elements are not security-critical resources because 
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they are appliance interface modules and also requests evidence for applicant's 
provided conclusion that "an interface module, as taught in Basset, inherently 
teaches a data processing system". 

In the previous Office Action, the examiner provided only a few examples of one or 
more security critical resources taught by Basset. The examiner invites applicant to 
careful reading of the Basset's reference in order to fully appreciate the art and 
relationship with applicant's claim language. For example, in addition to the citation 
of Basset in the previous Office Action, Basset discloses a security-critical resource 
such as a "furnace" that is controlled by a first data processing unit (an appliance 
interface module 70. Basset, Abstract, col. 5 lines 58-67). 
Applicant also argues Basset's disclosure of a second processing unit arguing the 
link between the first and the second unit within a network-connected home 
environment, and points to col. 5 lines 25-27 that, according to applicant, is a proof 
of Basset's disclosure not reading on the claim language. 

It appears that applicant failed short on fully appreciating the cited disclosure. In the 
attempt to help applicant place the cited lines in the appropriate context the 
examiner provides applicant with the full paragraph: "An automation system 
controller 15 may be provided, which is connected, for example, to the residence 
electrical wiring system 20. Automation system controller 15 may be configured to 
include, for example, an Energy Management System (EMS) network controller 
which can serve as scheduler, user interface, load research information storage and 
display service for all AIM modules in a home installation". Furthermore, the 
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examiner points out that cited reference was just an example and invites applicant to 
consider the whole Basset's reference, which provides a plurality of element 15 
functionalities. 

As per applicant's arguments that Richardson does not suggest "the gateway 
component limitation the operations which can be performed at the first data 
processing unit to only a predefined set of permitted operations", the examiner 
points out that Richardson, col. 5 lines 49-59, clearly disclose an enabler limiting the 
operation requests that reads on the gateway recited in the claim limitations. 

13. As per claim 8 applicant challenges the examiner's argument that one would have 
been motivated to utilize Internet in Basset and Richardson's invention especially in 
light of the benefit of Internet as evidence by Internet commercial success, but once 
again applicant not only failed to recognize the well known benefits of the Internet 
connection (e.g. flexible access and data delivery path) but also to provide any 
examples to the contrary. 

14. Claim 7 and 8 were also rejected over Basset in view of Pfleeger. 
Applicant seems to repeat previously stated position and additionally argues 
Pfleeger's reference as well and motivation to combine. 

Applicant's carefully considered arguments were not found persuasive. The 
examiner points applicant to previous discussion in this Office Action (above) as well 
as the previous Office Action, paragraphs 15-16. 

15. Claims 1-5, 7-8 and 10-11 have been examined. 
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Claim Rejections - 35 USC § 103 

16. Claims 1-2, 4 and 10-11 remain rejected under 35 U.S.C. 103(a) as being 
unpatentable over Nathanson (U.S. Patent No 6263268) in view of Richardson (U.S. 
Patent No 6427202). 

Nathanson teaches a system 10 incorporated in a vehicle (Fig. 1, col. 2 lines 31-33). 

17. As per claims 1 and 10 Nathanson discloses a first data processing unit (15) 
connected to device control units of the vehicle (Fig. 1 and col. 2 lines 31-38 and col. 
4 lines 28-33), a second data processing unit (25) connected to communications 
apparatus providing a wireless connection (35) to an external network (e.g. Internet, 
Fig. 1 and col. 3 lines 20-22 and col. 4 lines 4-16), such that operation requests can 
be received at the second data processing unit from the external network (Fig. 1 , col. 
3 lines 20-22 and col. 4 lines 4-16), a data communications link between the first and 
second data processing units (Fig. 1 and col. 2 lines 19-21). 

Nathanson teach communication across the data communication link (col. 3 lines 1- 
16) but do not teach a gateway component for controlling communications across 
the data communications link, the gateway component limiting passing of the 
operation requests from the second data processing unit to the vehicle's device 
control units to only a predefined set of permitted operations. 
Richardson teaches a gateway limiting the operations which can be performed at the 
first data processing unit in response to requests from the second processing unit to 
only a predefined set of permitted operation (col. 5 lines 49-59). 
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It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implement limiting the operations which can be performed at the first 
data processing unit in response to requests from the second processing unit to only 
a predefined set of permitted operation given the benefit of increased security. 

18. As per claim 11 the secure resources include the vehicle's internal device control 
units (col. 2 lines 34-36). 

19. As per claim 2 Nathanson in view of Richardson do not explicitly teach discarding 
non-permitted operation requests. However, any data (including operation requests) 
require (tight up) computing resources and as a result discarding non-permitted 
operation requests would have been obvious modification given the benefit of saving 
unnecessary use of resources. 

20. As per claim 4 Nathanson in view of Richardson teach the second data processing 
unit and the gateway component limiting passing of the operation requests from the 
second data processing unit to the vehicle's device control units to only a predefined 
set of permitted operations as discussed above. 

Nathanson in view of Richardson does not teach a gateway component in the 
second data processing unit that compares all operation requests on the first data 
processing unit and one or more access control list (ACL) in the second data 
processing unit defining which operation requests are permitted for particular 
requestors. 

Official Notice is taken that it is old and well-known practice to use ACLs to define 
which operation requests are permitted for particular requestor and that 
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implementation of ACL requires a component comparing the requests with the ACL's 
entries. Thus, it would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate ACL defining which operation requests 
are permitted for particular requestors and a gateway component that compares all 
operation requests given the benefit of selective access control to the secure 
resources. 

21. Claims 3 and 5 remain rejected under 35 U.S.C. 103(a) as being unpatentable over 
Nathanson (U.S. Patent No 6263268) in view of Richardson (U.S. Patent No 
6427202) and in further view of Serughett (Marc Serughett, "OSEK: a super-small 
kernel for deeply embedded applications?", 1999). 

Nathanson in view of Richardson teach the first data processing unit the gateway 

component implemented in a vehicle as discussed above. 

Nathanson in view of Richardson is silent in regard to the operating system 

implemented in the vehicle and as a result there is not disclosure of the first data 

processing unit and the gateway component running in the static operating system 

environment. 

In its publication Serughett teaches the OSEKA/DX static operating system and 
discloses various benefits of OSEK. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to run the first data processing unit and the gateway component running 
the static operating system as taught by Serughett given the various benefit 
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disclosed by Serughett: reliability, minimal resource usage, highly efficient 
scheduling, etc. 

22. As per claim 5 OSKEA/DX taught by Serughett is a RTOS and other limitations of 
claim 5 are substantially equivalent to the limitations of claim 2-3; therefore these 
limitations are similarly rejected. 

23. Claims 7-8 remain rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bassett (U.S. Patent No 5706191) in view of Richardson (U.S. Patent No 6427202). 
Bassett teach a first data processing unit (an appliance interface module, AIMs, 70- 
78) connected to one or more security critical resources (water heater 71 , gas meter 
50, etc.) and a second processing unit (controller 15, Fig. 1) connected to an 
external communications network (Fig. 6, col. 12 lines 41-57) such that operation 
request can be received from the external network (col. 12 lines 41-57) a data 
communication link between the first and second data processing units (wiring 
system 20, Fig. 1, col. 5 lines 25-27), wherein the first and second data processing 
units and the link between them are implemented within a network-connected home 
environment (Fig. 1), and the security-critical resources include security-critical 
devices within the home which are managed by application programs running on the 
first data processing unit (Fig. 15, col. 9 lines 29-34 and line 51-67). 

Bassett does not explicitly name a gateway component for controlling 
communications across the link but (see, col. 14 lines 25-31) it is clear that some 
kind of gateway component (e.g. a processor) is present in Bassett* invention in 
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order to enable communication between the external network and the first data 
processing unit. 

Bassett does not teach the gateway component limiting the operations which can be 

performed at the first data processing unit in response to requests from the second 

processing unit to only a predefined set of permitted operation. 

Richardson teaches a gateway limiting the operations which can be performed at the 

first data processing unit in response to requests from the second processing unit to 

only a predefined set of permitted operation (col. 5 lines 49-59). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 

invention to implement limiting the operations which can be performed at the first 

data processing unit in response to requests from the second processing unit to only 

a predefined set of permitted operation given the benefit of increased security. 

24. As per claim 8 Bassett in view of Richardson do not teach that the external network 
is the Internet. However, utilizing Internet as an external network is an obvious 
variation that is well known in the art. One would have been motivated to use them 
especially in light of the benefits of Internet as evidenced by Internet commercial 
success. 

25. Claims 7-8 remain rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bassett (U.S. Patent No 5706191) in view of Pfleeger (Charles P. Pfleeger, "Security 
in computing", 2nd edition, 1996, ISBN: 0133374866). 

Bassett teach a first data processing unit (an appliance interface module, AIMs, 70- 
78) connected to one or more security critical resources (water heater 71 , gas meter 
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50, etc.) and a second processing unit (controller 15, Fig, 1) connected to an 
external communications network (Fig. 6, col. 12 lines 41-57) such that operation 
request can be received from the external network (col. 12 lines 41-57) a data 
communication link between the first and second data processing units (wiring 
system 20, Fig. 1 , col. 5 lines 25-27), wherein the first and second data processing 
units and the link between them are implemented within a network-connected home 
environment (Fig. 1), and the security-critical resources include security-critical 
devices within the home which are managed by application programs running on the 
first data processing unit (Fig. 15, col. 9 lines 29-34 and line 51-67). 
Bassett does not explicitly name a gateway component for controlling 
communications across the link but (see, col. 14 lines 25-31) it is clear that some 
kind of gateway component (e.g. a processor) is present in Bassett' invention in 
order to enable communication between the external network and the first data 
processing unit, 

Bassett does not teach the gateway component limiting the operations which can be 

performed at the first data processing unit in response to requests from the second 

processing unit to only a predefined set of permitted operation 

Pfleeger teaches a gateway (firewall) limiting the operations which can be performed 

at the first data processing unit in response to requests from the second processing 

unit to only a predefined set of permitted operation (pg. 427-434). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 

invention to implement limiting the operations which can be performed at the first 
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data processing unit in response to requests from the second processing unit to only 
a predefined set of permitted operation given the benefit of increased security. 
26. As per claim 8 Bassett in view of Pfleeger do not teach that the external network is 
the Internet. However, utilizing Internet as an external network is an obvious 
variation that is well known in the art. One would have been motivated to use them 
especially in light of the benefits of Internet as evidenced by Internet commercial 
success. 

Conclusion 

THIS ACTION IS MADE FINAL Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques Louis Jacques can be reached on (571) 272-6962. The fax phone 
number for the organization where this application or proceeding is assigned is (571) 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




